CVE-2022-29836 In 2018, a Path Traversal vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. This could allow attackers to abuse certain parameters to access the device's files.

These Western Digital and SanDisk storage devices are often connected to a network and accessible via the Internet. This could allow an attacker to exploit these devices via remote code execution to execute malicious code on the device, obtain sensitive data, or perform other actions. The remote attack is possible via a web-based interface and requires user interaction. Users should ensure that their network access is restricted to prevent unauthenticated users from connecting to the device via the Internet. Western Digital and SanDisk storage devices are often connected to a network and accessible via the Internet. This could allow an attacker to exploit these devices via remote code execution to execute malicious code on the device, obtain sensitive data, or perform other actions. The remote attack is possible via a web-based interface and requires user interaction. Users should ensure that their network access is restricted to prevent unauthenticated users from connecting to the device via the Internet.

CVE-2021-29834

These Western Digital and SanDisk storage devices are often connected to a network and accessible via the Internet. This could allow an attacker to exploit these devices via remote code execution to execute malicious code on the device, obtain sensitive data, or perform other actions. The remote attack is possible via a web-based interface and requires user interaction. Users should ensure that their network access is restricted to prevent unauthenticated users from connecting to the device via the Internet.

Western Digital Storage Devices

Western Digital storage devices are often connected to a network and accessible via the Internet. This could allow an attacker to exploit these devices via remote code execution to execute malicious code on the device, obtain sensitive data, or perform other actions. The remote attack is possible via a web-based interface and requires user interaction. Users should ensure that their network access is restricted to prevent unauthenticated users from connecting to the device via the Internet. Western Digital storage devices are often connected to a network and accessible via the Internet. This could allow an attacker to exploit these devices via remote code execution to execute malicious code on the device, obtain sensitive data, or perform other actions. The remote attack is possible via a web-based interface and requires user interaction. Users should ensure that their network access is restricted to prevent unauthenticated users from connecting to the device via the Internet.

Timeline

Published on: 11/09/2022 21:15:00 UTC
Last modified on: 11/15/2022 14:51:00 UTC

References

• https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29836